On Thu, Jan 18, 2007 at 01:13:51AM -0800, Stanislav Malyshev wrote:
I am with Arnold on this one. Implement a patch that fixes the source of
most of
the problems, tidy the rest at leisure. Better to get an effective fix
quickly
than wait forever for perfection.
Security solution can't
Hi,
I'm now trying OOP in PHP5, and enjoy it very much. However, as we know
PHP5 does not allow compile-time instantiation,
so when I try this script:
?php
class C {
static private $o = new stdClass();
}
?
it ends up with a parse error, while in Java it works naturally. I wonder
whether
I vote 1 as well.
The problem only occurs if the function is used insecurely by the
developer. There are a few functions which are implemented insecurely a
lot. Since these holes are always the same, hackers will try to use
this. So fixing 90% of the problems would not leave the hacker with
On 01/18/2007 05:06 PM, Jingcheng Zhang wrote:
Hi,
I'm now trying OOP in PHP5, and enjoy it very much. However, as we know
PHP5 does not allow compile-time instantiation,
so when I try this script:
?php
class C {
static private $o = new stdClass();
}
?
Class properties are initialized
I would like to help maintain documentation, I have noticed many unanswered
bugs, and have time to contribute to a project I have come to enjoy. I would
also like to possibly help with developing the runtime.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:
On 01/18/2007 06:23 PM, Christopher Baughman wrote:
I would like to help maintain documentation, I have noticed many unanswered bugs,
You don't need a CVS account to start answering them =)
and have time to contribute to a project I have come to enjoy. I would also like to possibly help with
commit Crypt_DSA(http://pear.php.net/pepr/pepr-proposal-show.php?id=467) to
cvs.php.net
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Antony Dovgal wrote:
On 01/18/2007 06:23 PM, Christopher Baughman wrote:
I would like to help maintain documentation, I have noticed many
unanswered bugs,
You don't need a CVS account to start answering them =)
I think he meant answer-by-patching.
In any case, feel free to send patches to
Sara,
I assume this would also mean all userland stream wrappers become
is_url=1?
Anyway, +1.
David
Am 17.01.2007 um 02:07 schrieb Sara Golemon:
allow_url_include has been bashed lately for being not good
enough, and there is a kernel of truth to that, though where the
ultimate
I assume this would also mean all userland stream wrappers become is_url=1?
Anyway, +1.
This patch, by itself, doesn't affect the is_urlness of userspace
wrappers. Whether or not we change their designation is up to a
separate concensus (I'm in favor of it for the record).
Funnily enough
Could you also run Zend/bench.php to check that patch doesn't slowdown local
fetches.
I think the patch can be commited into HEAD (not into PHP_5_2), but I would
prefer collect all performance patches and commit them into PHP_5_3 and HEAD
together.
without with
simple
The optimizer already does most of those things, so I think things
like that are best left there rather then being done in the core.
On 18-Jan-07, at 4:34 PM, Sara Golemon wrote:
Could you also run Zend/bench.php to check that patch doesn't
slowdown local
fetches.
I think the patch can be
I haven't seen the patch yet but my concern would be with resources which have
already been opened. Unless you guys clean that up in
between requests it can be very dangerous as I doubt Linux re-verify's
permissions when those are accessed. In any case, I'd be
happy to review and might be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The 2nd release candidate for PHP 5.2.1 is now available for
download. The tarballs can be found here:
http://downloads.php.net/ilia/php-5.2.1RC3.tar.bz2
(d3889eda8c3471ce7cf2adb35a4de736)
http://downloads.php.net/ilia/php-5.2.1RC3.tar.gz
[EMAIL PROTECTED] wrote:
The optimizer already does most of those things, so I think things like
that are best left there rather then being done in the core.
How exactly does the (by the I presume you mean your) optimizer
manage to turn $_POST['foo'] into a single CV based DIM fetch? The
On 18-Jan-07, at 9:12 PM, Sara Golemon wrote:
Or do you mean that they turn:
ZEND_FETCH_R $0 'GLOBALS' (global)
ZEND_FETCH_DIM_R $1 $0 'foo'
Into:
ZEND_FETCH_R $1 'foo' (global)
Yup.
And:
ZEND_BEGIN_SILENCE
ZEND_FETCH_R $0 'foo' (local)
ZEND_FETCH_DIM_R $1 $0 'bar'
ZEND_END_SILENCE
Into:
1% is a measure mistake, so patch is OK.
Dmitry.
-Original Message-
From: Sara Golemon [mailto:[EMAIL PROTECTED]
Sent: Friday, January 19, 2007 12:35 AM
To: Dmitry Stogov
Cc: internals@lists.php.net; 'Andrei Zmievski'; 'Andi Gutmans'
Subject: Re: [PHP-DEV] Giving Globals the CV
17 matches
Mail list logo